A so-called trusted execution environment (TEE) targets the separation and isolation of trusted applications from untrusted applications. The untrusted applications have no way to tamper with or influence the execution of the trusted applications or the data they process. A trusted execution environment must also authenticate the code in order to identify it as trusted and unmodified, and it must preserve this state. Some applications request a remote attestation of the integrity of the system before they actually grant access to services.
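The remote-attestation step mentioned above, as an added example that is not part of the original text: the verifier issues a fresh nonce, the TEE reports a measurement (hash) of the code it loaded together with a keyed tag over nonce and measurement, and the verifier grants access only if the tag is valid, the nonce is one it issued and has not seen before, and the measurement is on its known-good list. The shared HMAC key, the application image and the measurement list are constructed values; real TEEs typically sign with an asymmetric attestation key instead, which this model simplifies to a shared secret.

```python
import hashlib
import hmac
import secrets

# Constructed values for the model (assumptions, not from the original text):
# a symmetric attestation key provisioned into the TEE and known to the verifier,
# and the trusted application image whose measurement the verifier accepts.
ATTESTATION_KEY = bytes.fromhex(
    "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff")
TRUSTED_IMAGE = b"trusted-app-v1.0 (constructed binary)"


def measure(code: bytes) -> bytes:
    """The TEE's measurement of a code image: a SHA-256 digest of its bytes."""
    return hashlib.sha256(code).digest()


# Known-good measurements the verifier is willing to trust.
KNOWN_GOOD_MEASUREMENTS = {measure(TRUSTED_IMAGE)}


def attest(code: bytes, nonce: bytes) -> dict:
    """Prover side (conceptually runs inside the TEE).

    Binds the measurement to the verifier's nonce so the report cannot be
    replayed, and authenticates it with the attestation key.
    """
    m = measure(code)
    tag = hmac.new(ATTESTATION_KEY, nonce + m, hashlib.sha256).digest()
    return {"nonce": nonce, "measurement": m, "tag": tag}


class Verifier:
    """Relying party that decides whether to grant access to a service."""

    def __init__(self) -> None:
        self._outstanding: set[bytes] = set()

    def challenge(self) -> bytes:
        """Issue a fresh, unpredictable nonce and remember it."""
        nonce = secrets.token_bytes(16)
        self._outstanding.add(nonce)
        return nonce

    def verify(self, report: dict) -> bool:
        nonce = report["nonce"]
        # Unsolicited or replayed report: the nonce was never issued, or was already consumed.
        if nonce not in self._outstanding:
            return False
        self._outstanding.discard(nonce)  # every nonce is single-use
        expected = hmac.new(ATTESTATION_KEY, nonce + report["measurement"],
                            hashlib.sha256).digest()
        # Constant-time comparison so tag checking does not leak timing information.
        if not hmac.compare_digest(expected, report["tag"]):
            return False
        # Authentic report, but is the measured code actually one we trust?
        return report["measurement"] in KNOWN_GOOD_MEASUREMENTS


def run_attestation(verifier: Verifier, code: bytes) -> bool:
    """Complete exchange: challenge, attest, verify. Returns True if access is granted."""
    nonce = verifier.challenge()
    return verifier.verify(attest(code, nonce))


if __name__ == "__main__":
    v = Verifier()
    print("unmodified image granted:", run_attestation(v, TRUSTED_IMAGE))
    print("modified image granted:", run_attestation(v, TRUSTED_IMAGE + b"\x90"))
```

The three checks are deliberately ordered: nonce freshness first (cheap, stops replays), then the authenticity of the report, and only then the policy decision about the measurement, so a forged or replayed report never reaches the policy step.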
For example, a separate core can be allocated to realize a trusted execution environment. Such an approach is common, but not cost-optimized. A flexible system design would dedicate a complete, isolated core to the trusted execution environment. A completely dedicated core is expensive and must be dimensioned for the highest possible load, and its unused cycles cannot be used by the untrusted applications.
In another example, a software hypervisor is a microkernel that sits between the hardware and the normal OS (operating system). The software hypervisor fully controls the hardware and confines the OS to user space. Such a solution is not hardware-based, however.
The ARM ‘TrustZone’ provides an in-band trust-state signal and has a hypervisor mode in addition to non-secure/secure user and supervisor modes. The core executes trusted and untrusted code in the same, single hardware thread. This allows flexible use of the CPU (central processing unit), but it spends a certain effort on the context switches. An additional single signal from the CPU indicates the trusted state to the peripherals. Separation of multiple, independent trusted applications is possible only in combination with a hypervisor.
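A model of the single trust-state signal and its limit, as an added example that is not part of the original text: a peripheral-side filter sees only the one signal that travels with each access, so it can keep untrusted code away from secure-only peripherals, but two independent trusted applications both assert the same signal and are indistinguishable to it. Separating them requires a second layer that knows the application identity, which is the role the hypervisor plays in the text. The peripheral map, the application names and the policy table are constructed values.

```python
from dataclasses import dataclass

# Constructed peripheral map for the model (assumption, not from the original text):
# (base address, size, name, secure_only).
PERIPHERALS = [
    (0x4000_0000, 0x1000, "uart0",        False),
    (0x4001_0000, 0x1000, "crypto_accel", True),
    (0x4002_0000, 0x1000, "key_store",    True),
]

# Constructed hypervisor policy: which trusted application may reach which peripheral.
HYPERVISOR_POLICY = {
    "ta_payment": {"crypto_accel"},
    "ta_drm":     {"crypto_accel", "key_store"},
}


@dataclass(frozen=True)
class Access:
    app: str       # software identity; NOT carried on the bus, known only to the hypervisor
    secure: bool   # the single in-band trust-state signal that does accompany the access
    address: int


def lookup(address: int):
    """Map an address to (name, secure_only); (None, None) if unmapped."""
    for base, size, name, secure_only in PERIPHERALS:
        if base <= address < base + size:
            return name, secure_only
    return None, None


def bus_filter(access: Access) -> bool:
    """Peripheral-side gate: decides using nothing but the trust-state signal."""
    name, secure_only = lookup(access.address)
    if name is None:
        return False            # unmapped address: bus fault
    if secure_only and not access.secure:
        return False            # non-secure access to a secure-only peripheral
    return True


def hypervisor_then_bus(access: Access) -> bool:
    """Two-layer check: the hypervisor enforces per-application separation
    among trusted applications before the access is issued; the bus filter
    still enforces the secure/non-secure boundary for everyone."""
    if access.secure:
        name, _ = lookup(access.address)
        if name not in HYPERVISOR_POLICY.get(access.app, set()):
            return False        # this trusted application is not entitled to that peripheral
    return bus_filter(access)


if __name__ == "__main__":
    ks = 0x4002_0000
    # Both trusted applications assert secure=True, so the bus alone lets both in.
    print("bus only, ta_payment -> key_store:", bus_filter(Access("ta_payment", True, ks)))
    print("bus only, ta_drm     -> key_store:", bus_filter(Access("ta_drm", True, ks)))
    # Only the hypervisor layer can tell them apart.
    print("with hypervisor, ta_payment -> key_store:",
          hypervisor_then_bus(Access("ta_payment", True, ks)))
```

The bus filter corresponds to the one-bit trust state the paragraph describes: effective for the trusted/untrusted boundary, blind to anything finer. The hypervisor layer is where the per-application policy lives, which is why the text ties separation of multiple trusted applications to a hypervisor.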